Comment 2 for bug 29559

This bug can be fixed by smartening up guess_bugtask() which is used to get the bugtask when it was not explicitly stated. guess_bugtask() does not use proper zope security checks; anyone working in this function could update it so that drivers, bug supervisors, and security contacts can perform the same updates that they can use API or UI.